package cn.cloud.all.security.oauth2.provider.token.store;

import cn.cloud.all.security.oauth2.common.exceptions.InvalidTokenException;
import org.springframework.util.Assert;
import org.springframework.util.CollectionUtils;

import java.net.URL;
import java.util.Map;

/**
 * A {@link JwtClaimsSetVerifier} that verifies the Issuer (iss) claim contained in the
 * JWT Claims Set against the <code>issuer</code> supplied to the constructor.
 */
public class IssuerClaimVerifier implements JwtClaimsSetVerifier {

    private static final String ISS_CLAIM = "iss";
    private final URL issuer;

    public IssuerClaimVerifier(URL issuer) {
        Assert.notNull(issuer, "issuer cannot be null");
        this.issuer = issuer;
    }

    @Override
    public void verify(Map<String, Object> claims) throws InvalidTokenException {
        if (!CollectionUtils.isEmpty(claims) && claims.containsKey(ISS_CLAIM)) {
            String jwtIssuer = (String) claims.get(ISS_CLAIM);
            if (!jwtIssuer.equals(this.issuer.toString())) {
                throw new InvalidTokenException("Invalid Issuer (iss) claim: " + jwtIssuer);
            }
        }
    }
}